SonarQube LDAP Authentication seems to load but won't allow login via domain user

走了就别回头了 2020-12-28 09:55

I've been trying to set up SonarQube (v4.1) with the LDAP authentication plugin (v1.4) and I just can't get it to authenticate against my domain user. My config is set up as

7 Answers
  •  -上瘾入骨i
    2020-12-28 10:16

    My Fix

    I had painstakingly verified my settings, even to the point of using the log file's "User mapping" output line to configure a manual ldapsearch command and verify that my user was being retrieved properly.

    For some reason, specifying this setting fixed it for me:

    ldap.user.realNameAttribute=cn
    

    Why?

    This attribute is supposed to be optional and default to cn anyway, but it only works for me if I specify it manually. This might be a bug.

    Debugging with ldapsearch

    ldapsearch can allow you to bypass the application and query LDAP directly.

    I looked in the log file for this line:

    INFO  web[o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=DC=my-ad,DC=example,DC=com, request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute=cn, emailAttribute=mail}
    

    And then built an ldapsearch command like:

    ldapsearch -D CN=myldapuser,CN=Users,DC=my-ad,DC=example,DC=com -W -h my-ad.example.com -b "DC=my-ad,DC=example,DC=com" "(&(objectClass=user)(sAMAccountName=myuser))"
    
    • -D specifies the bind DN, basically the login username for LDAP
    • -W means that ldapsearch will prompt you for the password
    • -h specifies the LDAP URL
    • -b should be baseDN from the log file line
    • The last positional parameter is the request value from the log file line, after replacing {0} with a real username.

    If you get real user info back, it means your basic settings are right. This is a hint that something else is going wrong.
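
The debugging procedure from the answer above, as an added example (not code from the answer or from SonarQube): it parses the "User mapping" log line, substitutes an RFC 4515-escaped username for `{0}`, and builds the ldapsearch argument list, also requesting the mapped real-name and e-mail attributes so that a missing `cn` or `mail` shows up in the output. The function names and the assumption that the log line has exactly the format quoted above are assumptions of this example.

```python
import re
import shlex

# Constructed sample: the "User mapping" line as quoted in the answer.
SAMPLE_LOG = (
    "INFO  web[o.s.p.l.LdapSettingsManager] User mapping: "
    "LdapUserMapping{baseDn=DC=my-ad,DC=example,DC=com, "
    "request=(&(objectClass=user)(sAMAccountName={0})), "
    "realNameAttribute=cn, emailAttribute=mail}"
)

# Assumption: fields appear in this order, separated by ", " as in the sample.
MAPPING_RE = re.compile(
    r"LdapUserMapping\{baseDn=(?P<base_dn>.*?), request=(?P<request>.*?), "
    r"realNameAttribute=(?P<real_name>.*?), emailAttribute=(?P<email>.*?)\}$"
)

# RFC 4515: these characters must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def parse_user_mapping(line):
    """Return baseDn, request and attribute names from a 'User mapping' line."""
    match = MAPPING_RE.search(line.strip())
    if match is None:
        raise ValueError("not a 'User mapping' log line")
    return match.groupdict()


def escape_filter_value(value):
    """Escape a username so it is matched literally by the LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_ldapsearch(line, bind_dn, host, username):
    """Build the ldapsearch argv from the answer, plus the mapped attributes."""
    mapping = parse_user_mapping(line)
    ldap_filter = mapping["request"].replace("{0}", escape_filter_value(username))
    return [
        "ldapsearch", "-D", bind_dn, "-W", "-h", host,
        "-b", mapping["base_dn"], ldap_filter,
        mapping["real_name"], mapping["email"],  # only return these attributes
    ]


if __name__ == "__main__":
    argv = build_ldapsearch(
        SAMPLE_LOG, "CN=myldapuser,CN=Users,DC=my-ad,DC=example,DC=com",
        "my-ad.example.com", "myuser")
    print(shlex.join(argv))  # shell-quoted, ready to paste
```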
